1. Field of the Invention
The present invention relates to an information processing device, disc, information processing method, and program, and further specifically, relates to an information processing device, disc, information processing method, and program, which include a configuration whereby usage control of a content recorded in an information recording medium can be performed.
The present invention further relates to an information processing device, disc, information processing method, and program, which have a configuration wherein activation processing of usage control information of a content recorded in an information recording medium is executed to determine whether or not the usage control information is activated, and in a case where the usage control information is activated, usage of the usage control information is performed.
2. Description of the Related Art
Discs such as the DVD (Digital Versatile Disc), Blu-ray Disc (registered trademark), and so forth have been employed as content recording media. For example, various types of content such as movie content are recorded in a disc (e.g., a ROM disc) and provided to a user. The copyright, distribution right, and so forth of such disc-recorded content are frequently possessed by a creator or vendor. With regard to such content, a certain usage control configuration has been employed to prevent, for example, unauthorized copying and so forth.
AACS (Advanced Access Content System) is a specification regarding content copyright protection. AACS stipulates copyright protection technology employing, for example, AES encryption or the like.
According to the AACS standard, for example in a case where content reproduction, copy processing, or the like is performed from a disc, identification information recorded in the disc, e.g., a PMSN (Pre-recorded Media Serial Number) which is identification information unique to a disc, has to be read. Further, processing in accordance with the sequence stipulated by AACS, e.g., authentication processing and encryption processing, has to be performed. With a content-recorded disc in accordance with the AACS standard, the PMSN which is identification information unique to a disc is recorded in a BCA (Burst Cutting Area) of the disc, and processing employing this identification information is required.
The BCA region is a region different from a normal data recording region, where data is recorded by physical cutting different from a normal data recording method. Accordingly, rewriting is difficult for the recorded data in the BCA region, and with reproduction processing as well, particular reading processing different from normal data reproduction processing is employed.
Description will be made regarding an example of a processing sequence in the case of the reproduction processing of a disc recorded content in accordance with the AACS standard, or in a case where a content is copied to another medium such as a hard disk or the like, with reference to FIGS. 1 and 2.
FIG. 1 is a diagram describing a disc recorded content reproducing sequence in accordance with the AACS standard. FIG. 1 illustrates from the left a disc (information recording medium) 10 in which a content is stored, a drive 20 on which the disc 10 is mounted to perform reading of data, and a host 30 which obtains recorded data of the disc 10 through the drive 20 to perform content decoding and reproducing processing. Note that though the drawing illustrates the drive 20 and host 30 as separate configurations, the drive and host may have an integral configuration of one device, for example, such as a reproducing device or the like. The disc 10 at the left end is, for example, a disc 10 compatible with the AACS standard, wherein a content such as a movie has been recorded as an encrypted content 17 beforehand.
A content ID 14 which is identification information of the encrypted content 17, a volume ID 15 serving as a manufacturing serial No. of the disc 10, and a PMSN (Pre-recorded Media Serial Number) serving as a media ID 16 which is identification information unique to a disc are recorded in the disc 10. Note that the content ID 14 is not recorded in some cases, and accordingly is described with parentheses as (content ID) in the drawing. Also, the media ID (PMSN) is recorded in the BCA region as described above.
The disc 10 further stores a script 11 which is a simple program for executing reproduction or copying processing in accordance with the AACS standard, a URL 12 of a server to be connected to obtain permission of copying processing, for example, at the time of copying processing of a disc recorded content, and an MKB (Media Key Block) 13 which is an encryption key block in which key information to be applied to decoding processing of the encrypted content 17 is stored.
The MKB (Media Key Block) 13 is an encryption information (encryption key) block generated based on a tree-structured key distribution method known as one mode of the broadcast encryption method. The MKB 13 is an encryption information block where a media key [Km] which is a key for decoding of a content is encrypted and stored, and the media key [Km] can be obtained by processing employing a device key [Kd] stored in a user device having a valid license.
The drive 20 includes key data 21 including a public key of the AACS management center, a drive public key, and a drive secret key, and a host revocation list 22. The host revocation list 22 is a list in which the identification information of a host determined to be an unauthorized host by the AACS management center is recorded, i.e., a blacklist. For example, the identification number of a host public key certificate corresponding to the host is recorded as the identification information of the host. A signature by the secret key of the AACS management center is added to the host revocation list 22 so as to prevent tampering.
The host 30 includes key data 31 including a public key of the AACS management center, a host public key, and a host secret key, and a drive revocation list 32. The drive revocation list 32 is a list in which the identification information of a drive determined to be an unauthorized drive device by the AACS management center is recorded, i.e., a blacklist. For example, the identification number of a drive public key certificate corresponding to the drive is recorded as the identification information of the drive. A signature by the secret key of the AACS management center is added to the drive revocation list 32 so as to prevent tampering. Note that an arrangement may be made wherein the host revocation list 22 and drive revocation list 32 are recorded in the disc 10, and the drive 20 and host 30 read and employ the data recorded in the disc 10.
Description will be made regarding a sequence in the case of the host 30 performing reproduction of a content. The host 30 and drive 20 first execute authentication processing between an authentication processing unit 22 of the host 30 and an authentication processing unit 23 of the drive 20. This authentication processing is executed in accordance with the processing sequence stipulated by AACS. With this processing, principal processes executed by each device are as follows.
The drive 20 reads out the host revocation list 22, employs the public key of the AACS management center to perform signature verification of the host revocation list 22, thereby confirming that there is no tampering, and confirming that the identification information of the host 30 has not been described in the host revocation list 22, i.e., that the host 30 has not been revoked.
The host 30 also reads out the drive revocation list 32, employs the public key of the AACS management center to perform signature verification of the drive revocation list 32, thereby confirming that there is no tampering, and confirming that the identification information of the drive 20 has not been described in the drive revocation list 32, i.e., that the drive 20 has not been revoked.
In a case where determination is made that neither the drive 20 nor the host 30 has been revoked, communication of encrypted data in accordance with the AACS standard is executed between the drive 20 and host 30, and a shared secret key is generated and shared between the drive 20 and host 30.
Upon authentication between the host and drive being completed, the drive 20 reads out the media ID (PMSN) 16 from the disc 10, executes MAC generation processing to which the shared key generated at the authentication processing is applied, at an MAC calculating unit 24, and transmits the generated MAC value and media ID (PMSN) 16 to the host 30.
Note that, as described above, the media ID (PMSN) 16 has to be recorded in the BCA region different from a normal data recording region, and has to be subjected to particular reading processing different from normal data reproduction processing.
An MAC calculating unit 34 of the host 30 executes MAC verification processing to which the shared key generated at the time of the authentication processing is applied. Specifically, the MAC calculating unit 34 subjects the media ID received from the drive 20 to MAC generation processing to which the shared key is applied, and compares the generated MAC value with the MAC value received from the drive 20. In a case where the two MAC values match, determination is made that verification has succeeded, and an encryption processing module 36 executes content decoding and reproducing processing in accordance with the AACS standard.
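The media ID hand-off described above, as an added sketch that is not part of the original text or of the AACS specification: the drive tags the media ID (PMSN) with the shared key, and the host recomputes and compares the tag before allowing decoding. HMAC-SHA256 truncated to 16 bytes stands in for the MAC, which the text does not name; the key, the PMSN value, and all function names are constructed for illustration.

```python
import hashlib
import hmac

MAC_LEN = 16  # tag length chosen for this sketch (assumption)


def compute_mac(shared_key: bytes, media_id: bytes) -> bytes:
    """Stand-in MAC (HMAC-SHA256, truncated); the text only says "MAC"."""
    return hmac.new(shared_key, media_id, hashlib.sha256).digest()[:MAC_LEN]


def drive_send_media_id(shared_key: bytes, media_id: bytes):
    """Drive side (MAC calculating unit 24): message sent to the host."""
    return media_id, compute_mac(shared_key, media_id)


def host_verify_media_id(shared_key: bytes, media_id: bytes, mac: bytes) -> bool:
    """Host side (MAC calculating unit 34): recompute, then compare."""
    if len(mac) != MAC_LEN:
        return False
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(compute_mac(shared_key, media_id), mac)


def host_accept(shared_key: bytes, message):
    """Return the verified media ID, or None; decoding proceeds only on non-None."""
    media_id, mac = message
    return media_id if host_verify_media_id(shared_key, media_id, mac) else None


# Constructed sample values, not taken from any real disc or session.
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
PMSN = bytes.fromhex("0123456789abcdef0123456789abcdef")


def demo():
    msg = drive_send_media_id(SESSION_KEY, PMSN)
    genuine = host_accept(SESSION_KEY, msg)
    # Media ID altered between drive and host while the MAC is kept: rejected.
    altered_id = host_accept(SESSION_KEY, (bytes(16), msg[1]))
    # Host holding a key from a different authentication session: rejected.
    wrong_key = host_accept(bytes(16), msg)
    return genuine, altered_id, wrong_key


if __name__ == "__main__":
    print(demo())
```

The MAC ties the media ID to the authenticated drive-host session, so a value that did not come from the drive that completed authentication fails verification and content decoding is not started.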
With the content decoding in accordance with the AACS standard executed at the encryption processing module 36, according to the processing of the MKB 13 to which the device key [Kd] 35 is applied, a media key [Km] is obtained from the MKB 13, and according to the processing to which the media key [Km] is applied, a key for content decoding is obtained, and accordingly, content decoding processing is executed.
Next, description will be made regarding a copy processing sequence of a disc recorded content as to another medium, for example, such as a hard disk or the like, with reference to FIG. 2. At the time of copying of a disc recorded content in accordance with the AACS standard, copy permission information has to be obtained from the administrative server in accordance with the AACS standard. Copy processing based on this permission is referred to as managed copy.
FIG. 2 illustrates from the left an administrative server 50 which outputs copy permission information, an information processing device 40 which executes copy processing, and a disc 10 in which a content to be copied is stored. Note that the information processing device 40 is a device having both functions of the host and drive described with reference to FIG. 1. The disc 10 is a disc compatible with the AACS standard as with the disc 10 described with reference to FIG. 1, in which a content such as a movie content or the like is recorded as the encrypted content 17. The other information of the disc 10 is the same information as described with reference to FIG. 1.
In the case of copying the encrypted content 17 recorded in the disc 10 to a recording medium 44, e.g., a recording medium 44 such as a hard disk included in the information processing device 40, the information processing device 40 causes a script execution unit 41 to execute a script 11 (simple program) recorded in the disc 10 to obtain copy permission information from the administrative server 50.
A program for executing a series of procedures at the time of executing copy processing is recorded in the script 11. A copy permission requesting unit 42 of the information processing device 40 reads the media ID (PMSN) 16, or the content ID 14 and media ID (PMSN) 16 from the disc 10, and transmits the ID information thereof to the administrative server 50 in accordance with the URL 12 recorded in the disc 10. Note that, as described above, the media ID (PMSN) 16 has to be recorded in the BCA region different from a normal data recording region, and has to be subjected to particular reading processing different from normal data reproduction processing.
A copy permission determining unit 51 of the administrative server 50 receives the media ID (PMSN) 16, or the content ID 14 and media ID (PMSN) 16 from the information processing device 40, confirms a recorded disc, or confirms a content to be copied and a recorded disc thereof, and determines whether or not copying is permitted. The administrative server 50 holds copy permission information in increments of discs or in increments of discs and contents. For example, information is held such that a content A in a particular disc is a content which permits one-time copy processing.
The copy permission determining unit 51 of the administrative server 50 determines in accordance with such copy permission information whether to permit the copy request from the information processing device 40, and informs the information processing device 40 of copy validity determination information through a copy permission notification unit 52.
Upon receiving the copy permission information from the administrative server 50, the information processing device 40 causes the copy execution unit 43 to read the encrypted content 17 recorded in the disc 10, and execute processing for copying the encrypted content 17 to a recording medium 44 such as a hard disk or the like included in the information processing device 40. Note that at the time of this copy processing, decoding processing of the encrypted content 17 is executed, whereby this content can be recorded as a decoded content, and in this case, the MKB 13 and volume ID 15 are read from the disc 10, such read data is employed to execute a decoding sequence in accordance with the AACS standard, and the obtained decoded content is recorded in the recording medium 44.
Description has been made so far regarding the reproduction processing of a disc recorded content, and a copy processing sequence of a disc recorded content, in accordance with the AACS standard, with reference to FIGS. 1 and 2.